Cyber Deception

Cyber Deception Is a Strategy to Attract Cyber Criminals Away From an Enterprise’s True Assets and Divert Them to a Monitored Decoy

AC-Hunter’s Cyber Deception feature lets you plant deception tokens (fake files and user accounts, aka “Canary Tokens”) across your environment. When an attacker (or insider) touches one of those assets, AC-Hunter records the event and surfaces it in the threat list for investigation.

Deception events appear in the Dashboard threat list alongside network-based detections. Clicking an event in AC-Hunter opens the detail panel with the full event context captured by Tripwire: triggering username, source IP, process name, domain, logon type, and the monitored file path or account name.

AC-Hunter uses the Tripwire Windows agent for configuration on both Domain Controllers and non-DC Windows hosts.